Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/0o_VTAStZX77-Hd0d_NSJoJTUsg.roa
File:                     0o_VTAStZX77-Hd0d_NSJoJTUsg.roa (raw, json)
Hash identifier:          2vQFU5E2/iFZyus0aSZ4mv1wQ5BXGKQmPEBAetlfDKw=
Subject key identifier:   D2:8F:D5:4C:04:AD:65:7E:FB:F8:77:74:77:F3:52:26:82:53:52:C8
Certificate issuer:       /CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
Certificate serial:       039D9A4D
Authority key identifier: 5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/0o_VTAStZX77-Hd0d_NSJoJTUsg.roa
Signing time:             Sat 01 Jan 2022 14:07:03 +0000
ROA not before:           Sat 01 Jan 2022 14:07:03 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     41957
IP address blocks:        77.83.94.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 60660301 (0x39d9a4d)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
        Validity
            Not Before: Jan  1 14:07:03 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=d28fd54c04ad657efbf8777477f35226825352c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:87:0e:b5:fc:c5:82:d8:6a:76:16:49:96:33:
                    f4:46:01:03:a3:97:41:f1:19:e9:aa:13:e5:c6:d9:
                    b7:20:b4:9a:cf:7f:0b:28:66:58:b9:4c:78:44:9b:
                    55:16:a5:fa:bf:4b:d7:09:bd:67:46:59:6a:19:52:
                    e3:a3:df:0b:1c:82:58:44:d0:b7:a8:cf:3d:b6:f4:
                    a9:fd:c5:0d:3b:ff:56:b3:9b:aa:bb:96:8e:7a:be:
                    5d:59:50:f0:88:82:c7:dd:6c:1c:14:e2:2f:5f:92:
                    04:93:8c:ac:10:46:8b:55:68:29:9c:3f:9b:ba:82:
                    ed:4e:b7:b5:39:ac:d1:b1:4c:df:32:3b:6e:93:77:
                    95:3f:2d:07:4a:dd:b8:a7:24:37:4d:77:91:a4:af:
                    17:1f:8f:7e:36:57:31:fe:86:05:39:14:81:21:b6:
                    d9:0e:0f:f5:a3:03:c7:99:89:b5:eb:62:9f:f5:2f:
                    df:4f:a9:5d:15:9f:62:9e:f6:7b:1a:c5:62:ab:69:
                    8c:8a:9c:8a:60:0d:a6:b1:06:b2:7f:9e:fc:03:00:
                    60:d0:eb:96:01:50:b8:98:aa:ba:04:30:03:bc:6a:
                    59:08:be:ff:b8:fe:13:df:94:ca:95:d0:26:aa:11:
                    1b:74:c8:bf:72:36:f3:0b:f2:08:1f:36:98:02:08:
                    19:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:8F:D5:4C:04:AD:65:7E:FB:F8:77:74:77:F3:52:26:82:53:52:C8
            X509v3 Authority Key Identifier:
                keyid:5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/0o_VTAStZX77-Hd0d_NSJoJTUsg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.83.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:bd:c4:f9:dd:e0:e7:be:31:3c:b3:cd:4e:e8:40:30:4a:aa:
         27:37:ba:54:cf:1e:b6:f6:93:49:02:06:56:1d:85:c7:5a:03:
         83:7a:79:d8:51:6e:8e:a8:b8:9c:93:9f:27:d4:aa:08:8f:24:
         5a:1a:c5:d7:4a:fb:52:43:76:18:6a:d3:cc:dc:f6:90:58:93:
         f3:f1:bb:04:17:f3:1a:b4:20:01:0b:76:4c:1d:e7:c4:83:11:
         36:21:86:35:d3:ab:4a:74:23:e4:ca:29:01:04:b8:31:86:28:
         24:04:a5:b8:02:c3:44:24:f4:66:2e:dc:28:a4:0e:66:d2:45:
         5d:a5:43:01:a8:b7:5b:ff:bb:0d:48:84:0c:92:d6:b0:cd:39:
         97:a7:2f:73:62:d1:8f:d7:fd:cc:5c:a6:3a:a6:e8:0a:f8:ab:
         a5:6f:3a:1e:27:93:c6:3f:3e:3a:ad:9c:a5:6e:cd:80:cf:cf:
         f5:eb:36:72:80:27:9b:0b:a9:b0:63:ff:b3:c5:11:d9:13:7b:
         d6:8c:2c:cf:e9:33:2a:03:24:79:f0:a2:18:55:05:0f:82:b1:
         3e:d5:c9:59:40:08:e5:db:a0:49:12:54:17:4c:a4:fe:f3:0b:
         2f:7c:aa:d8:b2:9c:b8:00:78:c9:d3:06:5e:69:c2:dd:4c:15:
         1e:0b:64:a0
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEA52aTTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg1
ZGEzOTQxYzI3Y2ZlNWMyMzRjNGJmMjIxZWNiMmE1NzliMmRlYWFiMB4XDTIyMDEw
MTE0MDcwM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZDI4ZmQ1NGMwNGFk
NjU3ZWZiZjg3Nzc0NzdmMzUyMjY4MjUzNTJjODCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAK6HDrX8xYLYanYWSZYz9EYBA6OXQfEZ6aoT5cbZtyC0ms9/
CyhmWLlMeESbVRal+r9L1wm9Z0ZZahlS46PfCxyCWETQt6jPPbb0qf3FDTv/VrOb
qruWjnq+XVlQ8IiCx91sHBTiL1+SBJOMrBBGi1VoKZw/m7qC7U63tTms0bFM3zI7
bpN3lT8tB0rduKckN013kaSvFx+PfjZXMf6GBTkUgSG22Q4P9aMDx5mJtetin/Uv
30+pXRWfYp72exrFYqtpjIqcimANprEGsn+e/AMAYNDrlgFQuJiqugQwA7xqWQi+
/7j+E9+UypXQJqoRG3TIv3I28wvyCB82mAIIGbMCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBTSj9VMBK1lfvv4d3R381ImglNSyDAfBgNVHSMEGDAWgBRdo5QcJ8/lwjTE
vyIeyypXmy3qqzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1hhT1VIQ2ZQNWNJMHhMOGlIc3NxVjVzdDZxcy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvODAvMzBlZDNlLWM0YzQtNGRlOC1iNGYxLWYxMWEzOWYyNmMzYi8x
LzBvX1ZUQVN0Wlg3Ny1IZDBkX05TSm9KVFVzZy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODAv
MzBlZDNlLWM0YzQtNGRlOC1iNGYxLWYxMWEzOWYyNmMzYi8xL1hhT1VIQ2ZQNWNJ
MHhMOGlIc3NxVjVzdDZxcy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAE1TXjANBgkqhkiG9w0BAQsFAAOC
AQEAYb3E+d3g574xPLPNTuhAMEqqJze6VM8etvaTSQIGVh2Fx1oDg3p52FFujqi4
nJOfJ9SqCI8kWhrF10r7UkN2GGrTzNz2kFiT8/G7BBfzGrQgAQt2TB3nxIMRNiGG
NdOrSnQj5MopAQS4MYYoJASluALDRCT0Zi7cKKQOZtJFXaVDAai3W/+7DUiEDJLW
sM05l6cvc2LRj9f9zFymOqboCvirpW86HieTxj8+Oq2cpW7NgM/P9es2coAnmwup
sGP/s8UR2RN71owsz+kzKgMkefCiGFUFD4KxPtXJWUAI5dugSRJUF0yk/vMLL3yq
2LKcuAB4ydMGXmnC3UwVHgtkoA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:36:47 2024 by rpki-client on console-fra.rpki-client.org